Privacy Shield Framework

Written By ESR News Blog Editor Thomas Ahearn

In June 2019, the Federal Trade Commission (FTC) – a government agency that protects consumers and promotes competition – reached a settlement with a background screening company over an alleged false claim of being a participant in the EU-U.S. Privacy Shield program and also sent warning letters to more than a dozen companies for falsely claiming participation in other privacy agreements, according to an FTC press release.

In its complaint, the FTC alleged that the background screening company falsely claimed on its website that it participated in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks, which establish processes to allow companies to transfer consumer data from European Union (EU) countries and Switzerland to the United States (U.S.) in compliance with EU and Swiss law, respectively, according to the press release.

While the background screening company initiated a Privacy Shield application in September 2017 with the U.S. Department of Commerce, it did not complete the steps necessary to be certified as complying with the frameworks and was not a certified participant in the frameworks, despite representations to the contrary on its website. The FTC enforces the promises companies make when joining those programs.

The FTC also sent warning letters to 13 companies that falsely claimed they participate in the U.S.-EU Safe Harbor and the U.S.-Swiss Safe Harbor frameworks, which were replaced in 2016 by the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks, respectively. These Safe Harbor agreements are no longer in force, and the last valid self-certifications for either agreement have expired.

In addition, the FTC sent warning letters to two companies for claiming in their privacy policies that they participate in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system even though they are not certified participants. The APEC CBPR system enhances the protection of consumer data that moves among the APEC member economies through a voluntary but enforceable code of conduct.

In July 2018, a company agreed to settle FTC charges of falsely claiming to comply with the EU-U.S. Privacy Shield after stating on its website that it was “in the process of certifying that we comply with the U.S.-E.U. Privacy Shield Framework.”  In September 2017, three companies agreed to settle FTC charges that they misled consumers about their participation in the EU-U.S. Privacy Shield.

The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.

Employment Screening Resources® (ESR) has received notification from the Department of Commerce’s International Trade Administration (ITA) that ESR’s annual submission for its self-certification of adherence to the Privacy Shield Framework was effective as of September 26, 2018. ESR was one of the first adopters of Privacy Shield with an original certification date of August 12, 2016. To learn more, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.